GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,097
Erlang: 29
GitHub Actions: 19
Go: 1,925
Maven: 5,000+
npm: 3,657
NuGet: 638
pip: 3,264
Pub: 10
RubyGems: 873
Rust: 823
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
3,264 advisories
Django SQL injection vulnerability
Critical. CVE-2024-42005 was published for Django (pip), Aug 7, 2024

Apache Airflow Providers FAB Insufficient Session Expiration vulnerability
Moderate. CVE-2024-42447 was published for apache-airflow-providers-fab (pip), Aug 5, 2024

openstack-heat may disclose sensitive information
Moderate. CVE-2024-7319 was published for openstack-heat (pip), Aug 2, 2024

PheonixAppAPI has visible Encoding Maps
Moderate. CVE-2024-41951 was published for PheonixAppAPI (pip), Jul 31, 2024

MobSF vulnerable to Open Redirect in Login Redirect
Moderate. CVE-2024-41955 was published for mobsf (pip), Jul 31, 2024

Insecure Jinja2 templates rendered in Haystack Components can lead to RCE
High. CVE-2024-41950 was published for haystack-ai (pip), Jul 31, 2024

Weave server API vulnerable to arbitrary file leak
High. CVE-2024-7340 was published for weave (pip), Jul 31, 2024

TensorFlow has segfault in array_ops.upper_bound
High. CVE-2023-33976 was published for tensorflow (pip), Jul 30, 2024

Aim Stored Cross-site Scripting Vulnerability
Moderate. CVE-2024-6578 was published for aim (pip), Jul 29, 2024

Twisted vulnerable to HTML injection in HTTP redirect body
Moderate. CVE-2024-41810 was published for twisted (pip), Jul 29, 2024

twisted.web has disordered HTTP pipeline response
High. CVE-2024-41671 was published for twisted (pip), Jul 29, 2024

OpenStack Nova vulnerable to unauthorized access to potentially sensitive data
Moderate. CVE-2024-40767 was published for Nova (pip), Jul 24, 2024

Sentry vulnerable to stored Cross-Site Scripting (XSS)
High. CVE-2024-41656 was published for sentry (pip), Jul 23, 2024

ops leaking secrets if `subprocess.CalledProcessError` happens with a `secret-*` CLI command
Moderate. CVE-2024-41129 was published for ops (pip), Jul 22, 2024

Ankitects Anki LaTeX Blocklist Bypass vulnerability
Low. CVE-2024-32152 was published for anki (pip), Jul 22, 2024

Ankitects Anki arbitrary script execution vulnerability
Critical. CVE-2024-26020 was published for anki (pip), Jul 22, 2024

Anki Latex Incomplete Blocklist Vulnerability
Moderate. CVE-2024-29073 was published for anki (pip), Jul 22, 2024

Guardrails AI vulnerable to Improper Restriction of XML External Entity Reference
Moderate. CVE-2024-6961 was published for guardrails-ai (pip), Jul 21, 2024

LoLLMS vulnerable to Expected Behavior Violation
High. CVE-2024-6281 was published for lollms (pip), Jul 20, 2024

Calibre-Web Cross Site Scripting (XSS)
Moderate. CVE-2024-39123 was published for calibreweb (pip), Jul 19, 2024

[PUNCIA] [CWE-319] Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS`
Low. CVE-2024-41124 was published for puncia (pip), Jul 19, 2024

TorchServe vulnerable to bypass of allowed_urls configuration
Critical. CVE-2024-35198 was published for torchserve (pip), Jul 18, 2024

Sentry's Python SDK unintentionally exposes environment variables to subprocesses
Low. CVE-2024-40647 was published for sentry-sdk (pip), Jul 18, 2024

Roundup Cross-site Scripting Vulnerability
Moderate. CVE-2024-39124 was published for roundup (pip), Jul 17, 2024

ProTip! Advisories are also available from the GraphQL API